
Wiredrive.com uses Checkmarx as its first line of defense

Oct 21, 2013 By carolineb

The Requirements

  • Wiredrive was preparing for SSAE16 compliance and needed a suite of tools to validate secure coding best practices.
  • Wiredrive’s Enterprise clients required recurring penetration tests and static code scans to audit the platform’s security.
  • Wiredrive needed an internal solution that integrates with its Continuous Integration (CI) SDLC process, which uses Atlassian’s Bamboo, with Git as the source repository.
  • The solution needed to scan a large web application consisting of PHP, JavaScript, and Python.
  • Wiredrive needed to scan its WordPress plugin and sample code.

The Alternatives

During the evaluation process, Wiredrive reviewed several open source solutions that failed to locate known vulnerabilities. Wiredrive asked their Enterprise customers’ security departments for security audit recommendations. After additional research, Wiredrive realized that the recommended security vendors were frequently using Checkmarx. When one of Wiredrive’s major customers specifically recommended Checkmarx, they decided to evaluate the product.

The selection of Checkmarx

Wiredrive found Checkmarx’s CxCloud solution to be very easy to use. As a first step, Wiredrive tested its WordPress plugin and identified one unknown vulnerability. The test was easy to perform because CxCloud integrated directly with GitHub. CxCloud showed the complete attack vector and recommended the best fix locations in the code.

Wiredrive ran their second test to validate their custom framework, which revealed both known and unknown vulnerabilities. Since Checkmarx met all evaluation requirements, Wiredrive signed up.

The Implementation

As a first pass, Wiredrive uploaded the code base directly to CxCloud and ran a full scan. The QA team grouped the results and prioritized remediation. The initial scans found vulnerabilities in the deprecated code, which were quickly addressed. Wiredrive successfully integrated Bamboo with the Checkmarx CLI with help from the Checkmarx support team. This let developers fix bugs and see the number of vulnerabilities decrease on an ongoing basis.

Now, Wiredrive runs a full scan on every build to make sure that new code adheres to secure coding best practices. This process satisfies their most demanding Enterprise customer requirements.

About Wiredrive

Wiredrive (www.wiredrive.com) is the cloud media sharing service of choice for the world’s largest advertising, entertainment and consumer marketing companies. Production, sales and marketing teams trust Wiredrive to simplify the logistics of creativity and securely manage their most important media assets. Wiredrive brings people and media together in a shared space where hard work and great ideas blossom into amazing things. Wiredrive is a fast-growing, profitable and privately-owned company founded in 1999. The Wiredrive team consists of 35 employees and has offices in the media capitals of Los Angeles, New York, San Francisco and London.

The Bottom Line

The sales cycle and product evaluation were simple and straightforward. The Checkmarx team was prompt and helpful throughout the entire sales and onboarding cycle. Technologically, the product exposed unknown vulnerabilities for remediation. Wiredrive’s management team finds Checkmarx executive reports simple and easy to understand. Finally, Wiredrive’s Enterprise customers have responded positively by signing up additional departments and referring new customers.

“Checkmarx plays a fundamental role in hardening our web application. Exploits are becoming more sophisticated and Checkmarx is our first line of defense.”

Daniel Bondurant

CTO

Wiredrive.com
